Cointelegraph Reader Spotted TrueCrypt’s Possible Warrant Canary in Early June

A tip of the hat is due to Cointelegraph reader proliberate, who spotted a possible warrant canary on TrueCrypt’s late-May shutdown notice when we first reported on it.

39 Total views

0Total shares

A tip of the hat is due to Cointelegraph reader proliberate, who spotted a possible warrant canary on TrueCrypt’s late-May shutdown notice when we first reported on it.

First, some background is necessary.

TrueCrypt, a popular open-source encryption tool, abruptly announced on its Sourceforge page on May 29 that it was no longer safe to use. The page then directed users to migrate their data to BitLocker or another program.

Red flags went off among users. Comparisons to the abrupt shutdown of encrypted email provider Lavabit were made.

Those comparisons are particularly interesting because we have since discovered that founder Ladar Levinson was put in a position by the US government to either install spy equipment on his company’s network or shut down. Levinson chose the latter.

The US government can issue secret subpoenas under 18 U.S.C.§2709(c) of the USA Patriot Act for user data and other information. The subpoenaed service provider is legally bound from divulging receipt of such an order.

Thus, warrant canaries were created as a workaround. Typically, a warrant canary is an image or piece of information that alerts users to such secret subpoenas only when that image or information disappears from, say, a company web page.

Did TrueCrypt post a warrant canary?

Theoretically, a new message written in code could also serve as a warrant canary. That’s what proliberate was pointing out back in early June.

Here is the text of TrueCrypt’s notice:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

At first glance, most readers would be forgiven for glossing over the awkward sentence construction, as that’s how legalese tends to read to most of us.

The first clue that some other message is encoded is the “not secure as.” For everyone who remembers the FANBOYS mnemonic from middle school, there should at least be a comma before that “as.”

Instead, we’re left with three awkward words that proliberate suggests could mean NSA, the US government’s National Security Agency, which Edward Snowden blew the whistle on more than a year ago for overreaching in its surveillance of, well, just about everyone.

The Latin theory

Since then, a theory has developed on top of what proliberate suggested: That making an anagram from all the letters in the warning sentence reveals a phrase in awkward Latin.

Here is what Live Business Chat forum administrator badon theorized on June 15:

“That sentence uses strange English, like the word ‘unfixed,’ that is clearly contrived to fit a hidden message. If you take just the first letter of each word, except the word ‘WARNING’:

‘Using TrueCrypt is not secure as it may contain unfixed security issues’

you get this:

‘uti nsa im cu si’

It's Latin that roughly means:

‘Unless I want to use the NSA’

So, the full message seems to be this:

‘WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, unless I want to use the NSA’”

Sure, that could be a bit of a stretch, in the vein of numerologists who claim that the date 9/11/2001 proves the Illuminati brought down the World Trade Center.

But as badon notes:

“The important thing is that the hidden message — even if it doesn't exist — has succeeded in getting people to question whether the NSA might be trying to tamper with the security of TrueCrypt. That's a bona fide ‘mission accomplished’ from the point of view of the TrueCrypt developers, and there's really nothing more to say about it.”